From: Gavin Hamill <gdh@acentral.co.uk>
To: netfilter@lists.netfilter.org
Subject: Re: smtp
Date: Fri, 14 May 2004 12:37:08 +0100
Message-ID: <200405141237.08794.gdh@acentral.co.uk>
In-Reply-To: <BAY15-F29OTHXMm9VWL0005acdf@hotmail.com>

On Friday 14 May 2004 12:17, azeem ahmad wrote:
> hi all
> I'm having a continuous upload on port 25 but I'm unable to know which ip
> from my network is uploading on port 25. I saw on iptraf that someone is
> continuously uploading on 25. the hardware address that iptraf is showing
> isn't really on my LAN but the traffic is coming from my LAN
> how can I find out the real hardware address or ip of the machine uploading

iptraf is a useful tool for some purposes, but here tcpdump would be more
appropriate. Install it, and try

    tcpdump -n port 25

You may need to specify the eth device with "-i eth0" etc.

It should be obvious very quickly which address on your LAN is generating the
traffic (the machine will almost certainly be a Windows box with a virus).

From then, you can issue

    $ iptables -A FORWARD -p tcp -i ethX -s X.X.X.X --dport 25 -j DROP

And this will immediately stop all traffic from IP address X.X.X.X coming *IN*
to ethX on your firewall.

From there, remove the virus and then undo the above line. (replace -A with
-D)

Cheers,
Gavin.
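
An added example, not part of the message above: a small filter that ranks LAN hosts by packets sent to port 25, reading the text output of the tcpdump command from the reply with -e added so the source hardware address is printed next to the IP. The function names and every address in the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). All addresses are constructed.
# Live use (assumption: capture on the LAN-facing interface):
#   tcpdump -n -e -l -c 200 port 25 | count_smtp_senders

# Reads tcpdump text on stdin; prints "packets src_mac src_ip", busiest first.
count_smtp_senders() {
    awk '
    {
        mac = ""; src = ""; dst = ""
        for (i = 2; i < NF; i++) {
            if ($i != ">") continue
            if (mac == "" && length($(i-1)) == 17 && $(i-1) ~ /^[0-9a-f:]+$/) {
                mac = $(i-1)                  # first ">" joins the two MACs
            } else if (src == "") {
                src = $(i-1); dst = $(i+1)    # next ">" joins the ip.port pairs
            }
        }
        sub(/:$/, "", dst)
        # Count only packets going *to* port 25 (numeric or named), not replies.
        if (dst !~ /\.(25|smtp)$/) next
        sub(/\.[^.]*$/, "", src)              # drop the source port
        count[mac " " src]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k3,3
}

# Constructed sample of `tcpdump -n -e port 25` output.
sample_capture() {
    cat <<'EOF'
12:37:01.100 00:0c:29:aa:bb:01 > 00:50:56:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.168.1.23.1045 > 203.0.113.10.25: Flags [S], seq 1000, win 64240, length 0
12:37:01.180 00:50:56:00:00:fe > 00:0c:29:aa:bb:01, ethertype IPv4 (0x0800), length 74: 203.0.113.10.25 > 192.168.1.23.1045: Flags [S.], seq 9000, ack 1001, win 5840, length 0
12:37:01.200 00:0c:29:aa:bb:01 > 00:50:56:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.168.1.23.1046 > 198.51.100.7.25: Flags [S], seq 2000, win 64240, length 0
12:37:01.300 00:0c:29:aa:bb:01 > 00:50:56:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.168.1.23.1047 > 198.51.100.8.25: Flags [S], seq 3000, win 64240, length 0
12:37:01.400 00:0c:29:aa:bb:02 > 00:50:56:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.168.1.40.2210 > 203.0.113.10.smtp: Flags [S], seq 4000, win 64240, length 0
12:37:01.500 00:0c:29:aa:bb:01 > 00:50:56:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.168.1.23.1048 > 198.51.100.9.25: Flags [S], seq 5000, win 64240, length 0
EOF
}

sample_capture | count_smtp_senders
```

A host opening connections to many different mail servers in quick succession stands out at the top of the list, and its IP is the value to use for X.X.X.X in the iptables rule.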